HTTP response compression is disabled by default. Mitigation available if compression can not be disabled [15].

[12]

2012

CRIME

Server supporting TLS compression

TLS compression is disabled by default.

[13]

2011

BEAST

Server supporting TLS 1.0 with CBC mode ciphers

TLS protocol version 1.1 and 1.2 take priority over TLS 1.0 and GCM mode over CBC mode.

[2]

* Hotfixes available for older releases** We do not consider Airlock WAF releases before 4.2

Client Compatibility

The default SSL/TLS configuration of Airlock WAF provides a good balance between security and client compatibility. Unfortuantly it not possible to support very old clients while preventing all known SSL/TLS attack. The default configuration of Airlock WAF is compatible with all modern clients. The following table shows when and why we dropped support for older browsers.

Recommandations for TLS Server Certificates

Airlock WAF supports RSA server certificates. We do not recommend to configure DSA or ECDSA certificates even if it is possibles with Apache Expert Settings. We recommend to use 2048 bit RSA keys or more and a hashing algorithm like SHA256 or better.

Other Considerations in Airlock WAFs SSL/TLS Default Configuration

Forward Secrecy

Forward Secrecy is a security property provided by ciphers with ephemeral Diffie-Hellmann (DHE) key exchange scheme. With Forward Secrecy, attackers cannot decrypt intercepted traffic even if they get hold of the private key used in the session handshake. DHE key exchange is slower than ECDHE (Elliptic curve DHE) key exchange. ECDHE ciphers are available since Airlock 5.0. All modern clients establish a cipher with forward secrecy property with Airlock WAF.

Note that Non-Forward Secrecy ciphers are only vulnerable if your private keys are compromised. However, keeping private keys confidential is crucial even if Forward Secrecy ciphers are used, because an active Man-in-the-Middle attacker can still decrypt the traffic if he knows the private keys during the SSL handshake.

Weak Diffie Hellman Parameter / Java 6

To prevents attacks like logjam, Airlock WAF does not support weak Diffie Hellman parameters (i.e. parameters shorter than 1024 bits). The actual DH parameter size depends on the size of the configured certificate. To support clients based on Java 6 which do not support large DH parameters, Airlock WAF establish a non-DHE cipher (AES128-SHA) with Java 6 clients.

Custom SSL/TLS settings for front-side HTTPS connections

The default cipher suite and other SSL/TLS settings can be overwritten in the Configuration Center with Apache Expert settings. See ciphersuite-configuration.